7

Receiving the CKR_GENERAL_ERROR when the application tries to open a connection to the H/W HSM.

The error in detail is:

50004-Crypto API could not be open.
Caused by: xxx.xxx.xxx.cryptoapi.CryptoApiSysException: Error opening session!!
Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
        at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Initialize(Native Method) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
        at iaik.pkcs.pkcs11.Module.initialize(Module.java:307) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]

Could anyone please tell what might be the reason for this error? The application works fine with the software HSM.

H/W HSM details:

  • ProtectToolkit C Key management utility : 4.2.0 (even tried with 4.3.0)
  • Manufacturer : Eracom
  • Hardware version : 66.00
  • Firmware version : 2.02
Till Helge
  • 9,253
  • 2
  • 40
  • 56
departed
  • 71
  • 1
  • 4
  • 1
    Is your access provider setup correctly (i.e. does `hsmstate`, `ctstat`, `ctbrowse` work with the hsm)? Are you using the same cryptoki library as these tools? – vlp Sep 30 '15 at 10:17
  • look like it is not connection error but initialization error. Can you check your PIN to login as user to token? – Ahmet Arslan Mar 16 '16 at 16:33

1 Answers1

3

CKR_GENERAL_ERROR is the general error message thrown by most of the PKCS#11 complaint API. Since you have the error while connecting to the HSM hardware Please make sure you do the following things:

  • You have successfully done the client (you app) to h/w hsm NTL configuration. Here's a link!
  • Verify that you have a valid slot number and partition password (PIN) while opening the session and login to the hsm.

Also, you can check HSM logs (usually residing on your hsm client installation directory in your application) to know what is the exact cause for the problem. Here's You can refer to my previous response on finding luna safenet client logs!

Amarnath Chigurupati
  • 91
  • 6